Monday, April 11, 2011

The Cover-Up

It appears that the new admin accounts were created for a specific purpose. Afterwards, an attempt was made to hide what had been done. The cover-up included both altering the record and removing some of the accounts.

The cover-up began while JudyOkla and Danileo were still attempting to give administrator permissions to their new admin accounts.  The account of kaydaniels (8101) was apparently not working out well.  So they got rid of it.

Both Danileo and JudyOkla altered the record of kaydaniels. Then, on the evening of July 18th, the first kaydaniels account was “killed” by Danileo, using the account of EvaMarie. (Reminder from a previous blog: to “kill” in vBulletin is to “run code to remove item in database”.)

| admin logid | user id | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48054 | 57 (Danileo) | 1279501248 (07/18/10 @ 8:00:48pm EST) | user.php | change history | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48058 | 250 (JudyOkla) | 1279501448 | user.php | edit | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48059 | 250 | 1279501460 (07/18/10 @ 8:04:20pm EST) | user.php | change history | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48068 | 250 | 1279501659 | user.php | edit | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48069 | 250 (JudyOkla) | 1279501739 | user.php | edit access | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48089 | 250 | 1279502929 | user.php | edit | user id = 8101 | 9x.xxx.xxx.x7 (JudyOkla) |
| 48092 | 8036 (EvaMarie) | 1279503005 | user.php | edit | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48093 | 8036 | 1279503027 (07/18/10 @ 8:30:27pm EST) | user.php | remove | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
| 48094 | 8036 (EvaMarie) | 1279503037 (07/18/10 @ 8:30:37pm EST) | user.php | kill | user id = 8101 | 6x.xxx.xx.xx7 (Danileo) |
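The attribution above rests on one correlation: actions logged under EvaMarie's user id (8036) come from the same address as actions logged under Danileo's (57). The Python sketch below is an added example, not part of the original post; it runs that check over five rows transcribed from the table above and pairs each "remove" with the "kill" that follows it. The function names and the fixed UTC-5 offset are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Rows transcribed from the admin log table above:
# (admin logid, user id, dateline, script, action, extrainfo, ipaddress)
# IP addresses are the redacted strings the page prints, used as opaque labels.
ROWS = [
    (48054, 57,   1279501248, "user.php", "change history", "user id = 8101", "6x.xxx.xx.xx7"),
    (48058, 250,  1279501448, "user.php", "edit",           "user id = 8101", "9x.xxx.xxx.x7"),
    (48092, 8036, 1279503005, "user.php", "edit",           "user id = 8101", "6x.xxx.xx.xx7"),
    (48093, 8036, 1279503027, "user.php", "remove",         "user id = 8101", "6x.xxx.xx.xx7"),
    (48094, 8036, 1279503037, "user.php", "kill",           "user id = 8101", "6x.xxx.xx.xx7"),
]
NAMES = {57: "Danileo", 250: "JudyOkla", 8036: "EvaMarie"}

# Assumption: the "EST" times printed beside each dateline are a fixed UTC-5 offset.
LOG_TZ = timezone(timedelta(hours=-5))


def local_time(dateline):
    """Render a dateline (Unix epoch seconds) in the log's local time, 24-hour clock."""
    return datetime.fromtimestamp(dateline, LOG_TZ).strftime("%m/%d/%y %H:%M:%S")


def shared_ips(rows):
    """Return {ip: sorted account names} for every IP used by more than one account."""
    seen = defaultdict(set)
    for _, userid, _, _, _, _, ip in rows:
        seen[ip].add(userid)
    return {ip: sorted(NAMES[u] for u in users)
            for ip, users in seen.items() if len(users) > 1}


def deletions(rows):
    """Return (target, acting account, ip, time) for each 'kill' that follows
    a 'remove' by the same account against the same target."""
    pending, found = set(), []
    for _, userid, dateline, _, action, target, ip in sorted(rows):
        if action == "remove":
            pending.add((userid, target))
        elif action == "kill" and (userid, target) in pending:
            found.append((target, NAMES[userid], ip, local_time(dateline)))
    return found


if __name__ == "__main__":
    print("IPs shared between accounts:", shared_ips(ROWS))
    for hit in deletions(ROWS):
        print("remove + kill:", hit)
```

The same two functions can be run over the later tables; an account that appears under an address already associated with a different admin is the pattern the post relies on.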

Beginning on July 19th, lchris began to remove admin permissions from EvaMarie. EvaMarie tried a few more actions before she was disempowered. These actions were done from the IP address of Danileo. lchris continued to remove admin and moderator permissions.

There were more steps than I have shown here, because lchris went through the permissions step by step to make sure she didn’t miss any.  They look essentially the same and would take up pages, so I have included only a few examples.

On July 23rd, Pickled Tink checked the IP used by EvaMarie (doips = do IP search). Following that, Pickled Tink “killed” the account of EvaMarie.

| admin logid | user id | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48403 | 99 (lchris) | 1279568595 (07/19/10 @ 2:43:15pm EST) | adminpermissions.php | edit | user id = 8036 (evamarie) | 7x.xx.xx.xx9 (lchris) |
| 48421 | 99 | 1279571479 (07/19/10 @ 3:31:19pm EST) | adminpermissions.php | edit | user id = 8036 (evamarie) | 7x.xx.xx.xx9 (lchris) |
| 48434 | 8036 (EvaMarie) | 1279573080 (07/19/10 @ 3:58:00pm EST) | user.php | find | | 6x.xxx.xx.xx7 (Danileo) |
| 48435 | 8036 | 1279573091 | user.php | find names | | 6x.xxx.xx.xx7 (Danileo) |
| 48436 | 8036 (EvaMarie) | 1279573093 (07/19/10 @ 3:58:13pm EST) | user.php | view user | user id = 2657 | 6x.xxx.xx.xx7 (Danileo) |
| 48457 | 99 (lchris) | 1279583010 (07/19/10 @ 6:43:30pm EST) | adminpermissions.php | edit | user id = 8036 (evamarie) | 7x.xx.xx.xx9 (lchris) |
| 48507 | 99 | 1279584705 (07/19/10 @ 7:11:45pm EST) | adminpermissions.php | edit | user id = 8036 (evamarie) | 7x.xx.xx.xx9 (lchris) |
| 48577 | 99 (lchris) | 1279587039 (07/19/10 @ 7:50:39pm EST) | moderator.php | edit global | username = evamarie | 7x.xx.xx.xx9 (lchris) |
| 48782 | 99 (lchris) | 1279653651 (07/20/10 @ 2:20:51pm EST) | moderator.php | edit global | user id = 8036 | 7x.xx.xx.xx9 (lchris) |
| 48783 | 99 | 1279653651 | moderator.php | edit global | username = evamarie | 7x.xx.xx.xx9 (lchris) |
| 48926 | 99 (lchris) | 1279683315 (07/20/10 @ 10:35:15pm EST) | moderator.php | edit global | username = evamarie | 7x.xx.xx.xx9 (lchris) |
| 49807 | 94 (Pickled Tink) | 1279915990 (07/23/10 @ 3:13:10pm EST) | user.php | edit | user id = 8036 | 8x.xx.xxx.x4 (Pickled Tink) |
| 49808 | 94 (Pickled Tink) | 1279916012 | usertools.php | doips (do ip search) | user id = 8036 | 8x.xx.xxx.x4 (Pickled Tink) |
| 49811 | 94 | 1279916084 | user.php | remove | user id = 8036 | 8x.xx.xxx.x4 (Pickled Tink) |
| 49812 | 94 (Pickled Tink) | 1279916089 (07/23/10 @ 3:14:49pm EST) | user.php | kill | user id = 8036 | 8x.xx.xxx.x4 (Pickled Tink) |

On July 19th, lchris began to remove admin and moderator permissions from roseym.  On July 27th, JudyOkla altered the record of roseym twice.

| admin logid | user id | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48415 | 99 (lchris) | 1279568637 (07/19/10 @ 2:43:57pm EST) | adminpermissions.php | edit | user id = 8102 (roseym) | 7x.xx.xx.xx9 (lchris) |
| 48515 | 99 | 1279584731 | adminpermissions.php | edit | user id = 8102 (roseym) | 7x.xx.xx.xx9 (lchris) |
| 48548 | 99 (lchris) | 1279586344 | adminpermissions.php | edit | user id = 8102 (roseym) | 7x.xx.xx.xx9 (lchris) |
| 48556 | 99 | 1279586845 (07/19/10 @ 7:47:25pm EST) | moderator.php | edit global | user id = 8102 | 7x.xx.xx.xx9 (lchris) |
| 48557 | 99 | 1279586845 | moderator.php | edit global | username = roseym | 7x.xx.xx.xx9 (lchris) |
| 48559 | 99 | 1279586892 | moderator.php | update | username = roseym | 7x.xx.xx.xx9 (lchris) |
| 48607 | 99 (lchris) | 1279587287 (07/19/10 @ 7:54:47pm EST) | moderator.php | edit global | user id = 8102 | 7x.xx.xx.xx9 (lchris) |
| 50833 | 250 (JudyOkla) | 1280291305 (07/27/10 @ 11:28:25pm EST) | user.php | edit | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 50834 | 250 | 1280291328 | user.php | change history | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 50837 | 250 | 1280291444 | usertools.php | doips | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |
| 50838 | 250 (JudyOkla) | 1280291464 (07/27/10 @ 11:31:04pm EST) | user.php | change history | user id = 8102 | 9x.xxx.xxx.x7 (JudyOkla) |

Lchris removed admin and moderator permissions from the second kaydaniels account on the 19th and 20th of July.  On July 25th, 26th and on August 1st, JudyOkla altered the record of kaydaniels (8106) six times.

| admin logid | user id | dateline | script | action | extrainfo | ipaddress |
|---|---|---|---|---|---|---|
| 48406 | 99 (lchris) | 1279568606 (07/19/10 @ 2:43:26pm EST) | adminpermissions.php | edit | user id = 8106 (kaydaniels) | 7x.xx.xx.xx9 (lchris) |
| 48509 | 99 | 1279584711 (07/19/10 @ 7:11:51pm EST) | adminpermissions.php | edit | user id = 8106 (kaydaniels) | 7x.xx.xx.xx9 (lchris) |
| 48572 | 99 (lchris) | 1279587000 (07/19/10 @ 7:50:00pm EST) | moderator.php | edit global | username = kaydaniels | 7x.xx.xx.xx9 (lchris) |
| 48574 | 99 | 1279587035 | moderator.php | update | username = kaydaniels | 7x.xx.xx.xx9 (lchris) |
| 48596 | 99 | 1279587250 (07/19/10 @ 7:54:10pm EST) | moderator.php | edit global | username = kaydaniels | 7x.xx.xx.xx9 (lchris) |
| 48627 | 99 (lchris) | 1279588235 | adminpermissions.php | edit | user id = 8106 (kaydaniels) | 7x.xx.xx.xx9 (lchris) |
| 48630 | 99 | 1279588241 (07/19/10 @ 8:10:41pm EST) | adminpermissions.php | edit | user id = 8106 (kaydaniels) | 7x.xx.xx.xx9 (lchris) |
| 48665 | 99 | 1279594076 | moderator.php | edit global | username = kaydaniels | 7x.xx.xx.xx9 (lchris) |
| 48786 | 99 | 1279653657 | moderator.php | edit global | username = kaydaniels | 7x.xx.xx.xx9 (lchris) |
| 48894 | 99 (lchris) | 1279679863 (07/20/10 @ 9:37:43pm EST) | adminpermissions.php | edit | user id = 8106 (kaydaniels) | 7x.xx.xx.xx9 (lchris) |
| 48929 | 99 | 1279683324 | moderator.php | edit global | username = kaydaniels | 7x.xx.xx.xx9 (lchris) |
| 50246 | 250 (JudyOkla) | 1280082957 (07/25/10 @ 1:35:57pm EST) | user.php | change history | user id = 8106 (kaydaniels) | 9x.xxx.xxx.x7 (JudyOkla) |
| 50674 | 250 | 1280174488 (07/26/10 @ 3:01:28pm EST) | user.php | change history | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 51252 | 250 | 1280704676 | user.php | edit | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 51253 | 250 (JudyOkla) | 1280704698 (08/01/10 @ 6:18:18pm EST) | user.php | change history | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 51254 | 250 | 1280704710 | user.php | change history | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 51255 | 250 | 1280704713 | user.php | edit | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 51256 | 250 (JudyOkla) | 1280704758 (08/01/10 @ 6:19:18pm EST) | user.php | change history | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 51257 | 250 (JudyOkla) | 1280704767 (08/01/10 @ 6:19:27pm EST) | user.php | change history | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 51258 | 250 | 1280704785 (08/01/10 @ 6:19:45pm EST) | user.php | edit access | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |
| 51259 | 250 (JudyOkla) | 1280704799 (08/01/10 @ 6:19:59pm EST) | resources.php | view user | user id = 8106 | 9x.xxx.xxx.x7 (JudyOkla) |

Lchris removed admin and moderator permissions from Looie on July 19th and 20th.  On July 25th, Pickled Tink edited Looie’s account.  She did an IP search.  Then she “killed” the account of Looie.

| admin logid | user id | dateline | script | action | extra info | ipaddress |
|---|---|---|---|---|---|---|
| 48409 | 99 (lchris) | 1279568618 (07/19/10 @ 2:43:38pm EST) | adminpermissions.php | edit | user id = 8108 (Looie) | 7x.xx.xx.xx9 (lchris) |
| 48511 | 99 | 1279584720 (07/19/10 @ 7:12:00pm EST) | adminpermissions.php | edit | user id = 8108 (Looie) | 7x.xx.xx.xx9 (lchris) |
| 48566 | 99 | 1279586954 (07/19/10 @ 7:49:14pm EST) | moderator.php | edit global | user id = 8108 | 7x.xx.xx.xx9 (lchris) |
| 48567 | 99 | 1279586954 | moderator.php | edit global | username = Looie | 7x.xx.xx.xx9 (lchris) |
| 48569 | 99 (lchris) | 1279586994 (07/19/10 @ 7:49:54pm EST) | moderator.php | update | username = Looie | 7x.xx.xx.xx9 (lchris) |
| 48974 | 99 (lchris) | 1279683813 (07/20/10 @ 10:43:33pm EST) | user.php | modify | user id = 8108 | 7x.xx.xx.xx9 (lchris) |
| 49925 | 250 (JudyOkla) | 1279953802 (07/24/10 @ 1:43:22am EST) | user.php | view user | user id = 8108 | 9x.xxx.xxx.x7 (JudyOkla) |
| 50091 | 94 (Pickled Tink) | 1280043860 (07/25/10 @ 2:44:20am EST) | user.php | edit | user id = 8108 | 8x.xx.xxx.x4 (Pickled Tink) |
| 50094 | 94 | 1280043889 (07/25/10 @ 2:44:49am EST) | usertools.php | doips (do IP search) | user id = 8108 | 8x.xx.xxx.x4 (Pickled Tink) |
| 50097 | 94 | 1280047394 (07/25/10 @ 3:43:14am EST) | user.php | edit | user id = 8108 | 8x.xx.xxx.x4 (Pickled Tink) |
| 50098 | 94 (Pickled Tink) | 1280047464 (07/25/10 @ 3:44:24am EST) | user.php | remove | user id = 8108 | 8x.xx.xxx.x4 (Pickled Tink) |
| 50099 | 94 (Pickled Tink) | 1280047473 (07/25/10 @ 3:44:33am EST) | user.php | kill | user id = 8108 | 8x.xx.xxx.x4 (Pickled Tink) |

The final new account was jayme (8109).  On July 25th and 26th, JudyOkla altered the record of jayme six times.

| admin logid | user id | dateline | script | action | extra info | ipaddress |
|---|---|---|---|---|---|---|
| 50241 | 250 (JudyOkla) | 1280082905 (07/25/10 @ 1:35:05pm EST) | user.php | edit | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 50242 | 250 | 1280082909 (07/25/10 @ 1:35:09pm EST) | user.php | change history | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 50253 | 250 | 1280083048 | user.php | edit | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 50254 | 250 (JudyOkla) | 1280083051 (07/25/10 @ 1:37:31pm EST) | user.php | change history | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 50667 | 250 | 1280174392 (07/26/10 @ 2:59:52pm EST) | user.php | edit | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 50668 | 250 (JudyOkla) | 1280174397 (07/26/10 @ 2:59:57pm EST) | user.php | change history | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 50669 | 250 | 1280174434 (07/26/10 @ 3:00:34pm EST) | user.php | change history | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 50670 | 250 (JudyOkla) | 1280174441 (07/26/10 @ 3:00:41pm EST) | user.php | change history | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 50677 | 250 | 1280174671 | user.php | edit | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |
| 50678 | 250 (JudyOkla) | 1280174675 (07/26/10 @ 3:04:35pm EST) | user.php | change history | user id = 8109 | 9x.xxx.xxx.x7 (JudyOkla) |

It is clear that Pickled Tink knew about the admin accounts shortly after the events because she helped dispose of them.  She “killed” two of the accounts.  Before doing so, she did an IP search, so she also knew who used the accounts.

The way in which the new admin accounts were handled indicates that they were not legitimate secondary accounts. If they had been above board, there would have been no need to alter the records of those admins.  If they had been legitimate, there would have been no need for one of them to be “killed” by Danileo and for two to be “killed” by Pickled Tink.